Network Security & Policies

Network Security Mid Assesment

Get Started. It's Free
or sign up with your email address
Network Security & Policies by Mind Map: Network Security & Policies

1. Vulnerabilities

1.1. Type

1.1.1. Technology Vulnerability

1.1.1.1. TCP / IP Protocol Vulnerability

1.1.1.2. OS Vulnerability

1.1.1.3. Network & Equipment Vulnerability

1.1.2. Configuration Vulnerability

1.1.2.1. Unsecured User Account

1.1.2.2. System Account with Easily Guessed Password

1.1.2.3. Miss Configured Internet Service

1.1.2.4. Miss Configured Network Equipment

1.1.3. Security Policy Vulnerability

1.1.3.1. Lock of Written Security Policy

1.1.3.2. Politics

1.1.3.3. Look of continuity

1.1.3.4. Logical Access Control Not Applied

1.1.3.5. Disaster Recovery Plan Non exited

1.2. What Is ?

1.2.1. vulnerability is a weakness which can be exploited by a cyber attack to gain unauthorised access to or perform unauthorised actions on a computer system. Vulnerabilities can allow attackers to run code, access a system's memory, install malware, and steal, destroy or modify sensitive data

2. Necessary Policies

2.1. Type

2.1.1. Govering Policy

2.1.1.1. 1.It controls all security-related interactions among business units and supporting departments in the company

2.1.1.2. 2.It aligns closely with not only existing company policies, especially human resource policies, but also any other policy that mentions security-related issues, such as issues concerning email, computer use, or related IT subjects.

2.1.1.3. 3.It is placed at the same level as all company wide policies.

2.1.1.4. 4.It supports the technical and end-user policies.

2.1.1.5. 5.it includes the following key components

2.1.1.5.1. A statement of the issue that the policy addresses.

2.1.1.5.2. A statement about your position as IT manager on the policy.

2.1.1.5.3. How the policy applies in the environment

2.1.1.5.4. The roles and responsibilities of those affected by the policy.

2.1.1.5.5. What level of compliance to the policy is necessary.

2.1.1.5.6. Which actions, activities, and processes are allowed and which are not.

2.1.1.5.7. What the consequences of noncompliance are.

2.1.1.6. End User Policies

2.1.1.7. Technical Policies

2.1.1.7.1. General Policies

2.1.1.7.2. Email Policies

2.1.1.7.3. Remote Access Policy

2.1.1.7.4. Personal Device and Phone Policy

2.1.1.7.5. Application Policy

2.1.1.7.6. Network Policy

2.2. What Is?

2.2.1. A policy is a written document in an organisation outlining how to protect the organisation from threats, including computer security threats, and how to handle situations when they do occur.

3. Attacks

3.1. Type

3.1.1. Passive Attack

3.1.1.1. Interception

3.1.1.1.1. Traffic Analysis

3.1.1.1.2. Release The Message Content

3.1.2. Active Attack

3.1.2.1. Masquerade / Fabrication

3.1.2.2. Message Reply

3.1.2.3. Message Modification

3.1.2.4. Denial of Service / Interruption of Available

3.2. Basic Network Attacks

3.2.1. XSS

3.2.2. Password Based Attack

3.2.3. Malware Attack

3.2.4. Dos Attack

3.2.5. IP Stooping

3.2.6. Main The Middle Attack

3.2.7. SQL Injection Attack

3.3. Tools

3.3.1. Metasploit framework

3.3.2. Ettercap

3.3.3. SQL Map

3.3.4. Kali Linux

3.3.5. Social Engineering Tool Kit

3.3.6. Cain and able

3.4. Prevention Tips

3.4.1. Install Software Update

3.4.2. Use Unique Password

3.4.3. Use Two Factor Authentication

3.4.4. Use Strong Password

3.4.5. Use a Password Manager

3.4.6. Use a Firewall for Our Internet Connection

3.4.7. Browser Safety Online

3.4.8. Clear Browser After Leaving Computer

3.5. What Is?

3.5.1. Attacks are unauthorised actions against private, corporate or governmental IT assets in order to destroy them, modify them or steal sensitive data. As more enterprises invite employees to access data from mobile devices, networks become vulnerable to data theft or total destruction of the data or network.

4. Security Scan

4.1. Type

4.1.1. Vulnerability Scan

4.1.1.1. Tools

4.1.1.1.1. Nmap Scripting Engine (NSE)

4.1.1.1.2. Nessus Vulnerability Scanner

4.1.1.1.3. Free Solution

4.1.2. Version Scan

4.1.2.1. Tools

4.1.2.1.1. Nmap

4.1.2.1.2. The Amap

4.1.3. Network Sweeping

4.1.3.1. Tools

4.1.3.1.1. Hping

4.1.3.1.2. AngryIP

4.1.3.1.3. ICMP Query

4.1.4. Network Tracking

4.1.4.1. Tools

4.1.4.1.1. Traceroute

4.1.4.1.2. Larger Four Traceroute (LFT)

4.1.4.1.3. Web Based Traceroute

4.1.4.1.4. 3D Traceroute

4.1.5. Port Scan

4.1.5.1. Tools

4.1.5.1.1. Nmap

4.1.6. OS Finger Printing

4.1.6.1. Tools

4.1.6.1.1. X Probe 2

4.1.6.1.2. POF2

4.1.6.1.3. Nmap

4.2. What Is?

4.2.1. An automated process, which scans elements of a network, application or device to check for security flaws. Security scanning is something that should be undertaken regularly to ensure information remains secure